"It's SaaS, there's no tech debt" — the sentence that mispriced the deal
Here is the diligence call I keep hearing. A sponsor is looking at a mid-market life sciences commercial team — say a 700-rep specialty pharma operation running Veeva CRM — and the deal team waves off the technology workstream in twenty minutes. "It's Veeva. It's the industry standard. It rides on Salesforce. Nothing to refactor, no servers to patch, maintenance capex is a rounding error." Then they move on to the revenue build.
That logic was defensible for a decade. It stopped being true the moment Veeva put a date on the gravestone. Veeva is retiring its Salesforce-based CRM and pushing every customer onto its proprietary Vault CRM, with the runway ending around 2030 (Veeva's own availability and migration timeline). This is not a release-train upgrade where you click "schedule maintenance window." It is a platform repatriation — off the Salesforce stack the target spent ten years bending to its will, onto an architecture that does not speak the same language.
And that is the part that mispriced the deal. The customizations that made the target's Veeva instance "work" — the Apex triggers, the Visualforce screens, the bespoke custom objects nobody documented after the original admin left — do not port. They are a quantifiable liability with a four-year fuse and a salvage value of zero. The seller's decade of "just make it do this one thing" is now a remediation invoice, and unless you find it in diligence, you are signing the LOI that agrees to pay it.
Three artifacts that tell you the truth in an afternoon
You don't need a six-week technology audit to size this. You need three pulls from the target's admin, and you can read all of them before the next IC update.
1. The custom object count — your migration-friction proxy
Ask for a metadata export listing every active custom object in the CRM. This is a five-minute pull for any competent admin; resistance to producing it is itself a finding. Vault CRM is built around a standardized data model so Veeva can layer in network connectivity and AI on top — which means the target's custom objects don't migrate, they get re-architected. For a mid-market implementation, treat anything north of ~15 active custom objects as a high-friction migration. Each one carries data mapping, security and sharing-rule reconstruction, validation, and often a logic rebuild — what lived as an Apex trigger on Salesforce has to be re-expressed in Vault's own configuration and Java-based extension model. The count is a direct proxy for service hours you'll be funding. Clarkston's migration considerations walk through why the configuration-versus-customization split is the single biggest driver of effort.
2. The integration map — find the FTP, find the time bomb
Veeva Vault is the validated source of truth for regulated content — promotional materials, medical-legal-regulatory review. Debt accumulates wherever the target wired Vault to ERP (SAP, Oracle) or a warehouse (Snowflake) with hand-rolled point-to-point connections instead of standard connectors or middleware. The tell: a nightly "file drop" moving data over FTP rather than an API, or a custom script with one author and no runbook. Those connections are brittle by construction — they snap on platform updates and have to be rebuilt during the Vault cutover anyway. As I argue in our breakdown of the diligence red flags that kill deals, the homemade integration is usually the first thing that fails the morning after close, and it fails loudest in a validated environment where you can't just hot-patch it.
3. The report-to-headcount ratio — is the IP in Veeva or in Excel?
Because Veeva is a validated system under 21 CFR Part 11, changing it is deliberately slow. So commercial ops teams route around it: they export to Excel and Power BI and run the actual business there. Here's the cheap diagnostic — compare the count of active, used reports inside Veeva against the size of the commercial ops team. A large ops function leaning on a thin set of live reports means the operating intelligence — territory logic, incentive math, the real targeting model — lives in spreadsheets on someone's laptop, not in the asset you're buying. You're acquiring the license and the seat count, not the operational IP. That gap doesn't show up on the cap table, but it shows up in the first 100 days when the analyst who owned the spreadsheets takes the retention check and leaves.
Turn the audit into an LOI line item, not a footnote
Findings that stay in the data room don't protect anyone. The point of the three pulls above is to convert "Veeva looks fine" into a number that moves either the price or the indemnity language.
Size the migration haircut
Estimates for moving a mid-market life sciences org from Salesforce-based Veeva CRM to Vault CRM commonly land in the low single-digit millions once you include data migration, IQ/OQ/PQ validation, and retraining a field force — the heavier the customization, the higher the band (see Exeevo's comparison of life sciences CRM migration costs). The trap is that the target almost never has this budgeted. It isn't in their forecast capex, because to them it's a "someday" IT project. To you, post-close, it's a hard 2030 deadline with no opt-out. So model it explicitly: a remediation line in the QofE or a working-capital adjustment, sized off the actual custom-object and integration counts you pulled — not a placeholder.
Structure it where it does the work
Two clean mechanisms. Either deduct the modeled remediation cost from purchase price outright, or carve it into a specific indemnity tied to migration completion. While you're at it, scrub the third-party AppExchange tools bolted onto the Salesforce instance — many simply have no Vault equivalent and quietly become rip-and-replace items, a pattern I cover in the AppExchange customization debt teardown.
And reward the clean core
The flip side is real value, not just a defensive deduction. A target that stayed disciplined — standard Veeva configuration, minimal custom code, connectors instead of FTP — migrates to Vault with a fraction of the disruption. That asset lets you spend year one on commercial expansion instead of infrastructure plumbing, and in a 2026 deal market it's a clean differentiator that defensibly supports a higher multiple. The absence of Veeva migration debt is no longer table stakes. It's a premium you should be willing to pay for, because you've just seen exactly what the alternative costs.
